How Secure is Your Password?

Whilst it can feel as though the increase of technological advances would make the use of a password less important, in fact it has never been more important to have a really good robust password – it’s arguably the single most important thing you can do to improve your security online.

There are a number of ways in which cyber criminals can access your password, including getting access to your computer (perhaps because you have inadvertently installed a virus on your computer) or device, looking over your shoulder when you use a password, or hacking into the system of an online site on which you use the password.  Another important way your password could be acquired by criminals however, is when they use sophisticated and power computers to try a vast number of different combinations in what is termed a ‘brute force’ attack.

Like all things computer-related, the power of the technology used to crack passwords has increased at an astonishing rate – where ten years ago it would have taken weeks or months to crack a particular password the same can now be achieved in seconds or minutes.  The National Cyber Security Centre (NCSC) recently published a list of the top 100,000 passwords – you can find this on their website here.  The passwords on this list are known to be remarkably common and cyber criminals would be able to try out this entire list in a matter of seconds so it isn’t only important to make sure that you aren’t on this list, but also to make sure that you have a password which is as unpredictable as possible and is difficult to guess by either man or machine.

The hacker needs to be able to identify not only the word or phrase that you mean, but also to know exactly which character appears in each position.  You can therefore increase the potential number of characters in each position whilst retaining a relatively commonly used word as a password by using special characters (like !, @, &, % etc), capital letters, and numbers.  Ideally you would use these as randomly as possible and avoid being too consistent.  For instance ‘P@ssword’ is still relatively easy to guess, whilst Ch@ro1Ai5 would be trickier.

A simple way to make a password relatively long is to use more than one word.  The NCSC recommend using three random words, which could be things which individually make sense to you but would be unusual to see together, e.g. ‘hedge cat peanut’.

Increasingly people are turning to password managers to help them, a number of these are available commercially and they combine time-saving features such as auto-entry of your information in online forms, with security as they can not only create and remember different and very secure passwords for each site you use, they can also change these for you regularly.  Password managers are a bit like a bank vault, they store all your passwords for you, and you only need to remember a single password to access the password manager.  It’s true that they will themselves be very attractive targets for criminals, but that could equally be said of a bank vault – the key thing is that for most people they are currently the weak link in the system and moving to a password manager is likely to be a vast improvement.

Top Password Tips:

• Use long passwords with letters (upper and lower case), numbers, and special characters.
• Use a different password for each site or purpose.
• Change your passwords regularly.
• Don’t write down your passwords.
• Use a password manager to help you.

Further information about staying safe online can be found at www.fas.scot/rural-business/digital-security.